[RFC 0/2] Consolidate patch_instruction
Naveen N. Rao
naveen.n.rao at linux.vnet.ibm.com
Tue May 16 23:41:41 AEST 2017
On 2017/05/16 10:56AM, Anshuman Khandual wrote:
> On 05/16/2017 09:19 AM, Balbir Singh wrote:
> > patch_instruction is enhanced in this RFC to support
> > patching via a different virtual address (text_poke_area).
>
> Why is writing the instruction directly into the address not
> sufficient, and why does it need to go through this virtual address?
To enable KERNEL_STRICT_RWX and map all of kernel text to be read-only?
>
> > The mapping of text_poke_area->addr is RW and not RWX.
> > This way the mapping allows write for patching and then we tear
> > down the mapping. The downside is that we introduce a spinlock
> > which serializes our patching to one patch at a time.
>
> So what are the benefits we get otherwise in this approach when
> we are adding a new lock into the equation?
Instruction patching isn't performance critical, so the slowdown is
likely not noticeable. Marking kernel text read-only helps harden the
kernel by catching unintended code modifications whether through
exploits or through bugs.
- Naveen
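
A userspace analogue of the approach discussed in this thread, added here as an illustration and not part of the original message or the RFC's kernel code: the long-lived view of a page stays read-only, and each patch goes through a temporary RW alias that is torn down afterwards, serialized by a spinlock. The names poke_insn, kernel_can_write and demo, the tmpfile() backing page and the sample instruction word are assumptions of this example.

```c
/* Added example (userspace analogue, not kernel code): patch via an RW alias. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static atomic_flag poke_lock = ATOMIC_FLAG_INIT; /* one patch at a time */

/* Store one instruction word through a short-lived RW (never X) alias. */
static int poke_insn(int fd, size_t pagesz, size_t idx, uint32_t insn)
{
    if (idx >= pagesz / sizeof(insn))
        return -1;
    while (atomic_flag_test_and_set(&poke_lock)) { /* spin, as a spinlock would */ }
    uint32_t *alias = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (alias != MAP_FAILED) {
        alias[idx] = insn;
        munmap(alias, pagesz); /* tear the writable window down again */
    }
    atomic_flag_clear(&poke_lock);
    return alias == MAP_FAILED ? -1 : 0;
}

/* 1 if the kernel can store to addr; 0 if the page is read-only (EFAULT). */
static int kernel_can_write(void *addr)
{
    int p[2] = { -1, -1 }, ok = -1;
    if (pipe(p) == 0 && write(p[1], "x", 1) == 1)
        ok = (read(p[0], addr, 1) == 1);
    close(p[0]);
    close(p[1]);
    return ok;
}

/* 0: patch visible via the read-only view, and that view is still read-only. */
static int demo(void)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    FILE *f = tmpfile(); /* backing page; stands in for kernel text */
    if (!f || ftruncate(fileno(f), (off_t)pagesz) != 0)
        return -1;
    volatile uint32_t *text = mmap(NULL, pagesz, PROT_READ, MAP_SHARED, fileno(f), 0);
    if (text == MAP_FAILED || poke_insn(fileno(f), pagesz, 0, 0x60000000u) != 0)
        return -1;
    if (text[0] != 0x60000000u) /* constructed sample word */
        return 1;
    return kernel_can_write((void *)text) ? 2 : 0;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

A return of 0 from demo() means the new word is visible through the read-only view while a store aimed at that view is still refused.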